From 9557c9977e66b7f7ac93f89280ea32113a1c3a55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan-Luis=20de=20Sousa-Valadas=20Casta=C3=B1o?= Date: Mon, 18 Nov 2024 12:49:16 +0100 Subject: [PATCH] Stage iptables binaries in a sepparate component MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Juan-Luis de Sousa-Valadas CastaƱo --- cmd/worker/worker.go | 16 +++++-- .../component/iptables}/iptables.go | 28 ++++++++++- .../component/iptables}/iptables_test.go | 46 +++++++++---------- pkg/component/worker/kubelet.go | 6 --- pkg/constant/constant.go | 1 + 5 files changed, 63 insertions(+), 34 deletions(-) rename {internal/pkg/iptablesutils => pkg/component/iptables}/iptables.go (91%) rename {internal/pkg/iptablesutils => pkg/component/iptables}/iptables_test.go (81%) diff --git a/cmd/worker/worker.go b/cmd/worker/worker.go index 2f9be2410ea3..847cfab50bf9 100644 --- a/cmd/worker/worker.go +++ b/cmd/worker/worker.go @@ -28,6 +28,7 @@ import ( k0slog "github.com/k0sproject/k0s/internal/pkg/log" "github.com/k0sproject/k0s/internal/pkg/sysinfo" "github.com/k0sproject/k0s/pkg/build" + "github.com/k0sproject/k0s/pkg/component/iptables" "github.com/k0sproject/k0s/pkg/component/manager" "github.com/k0sproject/k0s/pkg/component/prober" "github.com/k0sproject/k0s/pkg/component/status" @@ -147,7 +148,11 @@ func (c *Command) Start(ctx context.Context) error { c.WorkerProfile = "default-windows" } - componentManager.Add(ctx, &worker.Kubelet{ + iptablesComponent := &iptables.IPTables{ + IPTablesMode: c.WorkerOptions.IPTablesMode, + } + + kubeletComponent := &worker.Kubelet{ CRISocket: c.CriSocket, EnableCloudProvider: c.CloudProvider, K0sVars: c.K0sVars, 
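Review bot: `iptablesComponent` is constructed in `Start` with only `IPTablesMode` set, yet the new `IPTables.Init` in pkg/component/iptables/iptables.go reads `i.K0sVars.BinDir`. As far as this patch shows, `K0sVars` is still a nil pointer when Init runs, so the worker would panic during component initialisation instead of staging the binaries. Fill the field in the literal the same way the kubelet literal below does, `K0sVars: c.K0sVars,` (this assumes both fields share a type; Kubelet's declaration is not part of the diff). Since the component only uses the bin directory, a plain `BinDir string` field would be a narrower alternative. The body of `Start` begins and ends outside this hunk.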
@@ -158,9 +163,11 @@ func (c *Command) Start(ctx context.Context) error { Labels: c.Labels, Taints: c.Taints, ExtraArgs: c.KubeletExtraArgs, - IPTablesMode: c.WorkerOptions.IPTablesMode, DualStackEnabled: workerConfig.DualStackEnabled, - }) + } + + componentManager.Add(ctx, iptablesComponent) + componentManager.Add(ctx, kubeletComponent) certManager := worker.NewCertificateManager(kubeletKubeconfigPath) @@ -196,6 +203,9 @@ func (c *Command) Start(ctx context.Context) error { } worker.KernelSetup() + + kubeletComponent.IPTablesMode = iptablesComponent.IPTablesMode + err = componentManager.Start(ctx) if err != nil { return fmt.Errorf("failed to start worker components: %w", err) diff --git a/internal/pkg/iptablesutils/iptables.go b/pkg/component/iptables/iptables.go similarity index 91% rename from internal/pkg/iptablesutils/iptables.go rename to pkg/component/iptables/iptables.go index 58ed605fec87..d9537e8e62d2 100644 --- a/internal/pkg/iptablesutils/iptables.go +++ b/pkg/component/iptables/iptables.go @@ -1,5 +1,5 @@ /* -Copyright 2022 k0s authors +Copyright 2024 k0s authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,10 +14,11 @@ See the License for the specific language governing permissions and limitations under the License. */ -package iptablesutils +package iptables import ( "bufio" + "context" "errors" "fmt" "os" @@ -27,6 +28,7 @@ import ( "strings" "github.com/k0sproject/k0s/pkg/assets" + "github.com/k0sproject/k0s/pkg/config" "github.com/k0sproject/k0s/pkg/constant" "github.com/sirupsen/logrus" ) 
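Review bot: The added `kubeletComponent.IPTablesMode = iptablesComponent.IPTablesMode` in the `@@ -196,6 +203,9 @@` hunk only carries the detected backend if the manager has already run `Init` on `iptablesComponent` by that point. The Init call is not visible in this hunk, so the ordering cannot be confirmed from here. The copy is by value and has no check, so if it runs too early the kubelet silently keeps the unresolved user setting and could end up on a different backend than the staged symlinks point to. Add a comment that pins the dependency, for example `// iptablesComponent.Init has resolved the effective mode; hand it to the kubelet before Start.`, and consider returning an error when the mode is still empty here. `Start` continues outside the hunk.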
@@ -36,6 +38,28 @@ const ( ModeLegacy = "legacy" ) +type IPTables struct { + K0sVars *config.CfgVars + IPTablesMode string +} + +func (i *IPTables) Init(_ context.Context) error { + err, iptablesMode := ExtractIPTablesBinaries(i.K0sVars.BinDir, i.IPTablesMode) + if err != nil { + return err + } + i.IPTablesMode = iptablesMode + return nil +} + +func (s *IPTables) Start(_ context.Context) error { + return nil +} + +func (s *IPTables) Stop() error { + return nil +} + // ExtractIPTablesBinaries extracts the iptables binaries from the k0s binary and makes the symlinks // to the backend detected by DetectHostIPTablesMode. // ExtractIPTablesBinaries only works on linux, if called in another OS it will return an error. diff --git a/internal/pkg/iptablesutils/iptables_test.go b/pkg/component/iptables/iptables_test.go similarity index 81% rename from internal/pkg/iptablesutils/iptables_test.go rename to pkg/component/iptables/iptables_test.go index 8b524783ed6c..4b97ba6d1205 100644 --- a/internal/pkg/iptablesutils/iptables_test.go +++ b/pkg/component/iptables/iptables_test.go @@ -1,5 +1,5 @@ /* -Copyright 2022 k0s authors +Copyright 2024 k0s authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package iptablesutils_test +package iptables_test import ( "fmt" @@ -26,7 +26,7 @@ import ( "testing" "github.com/k0sproject/k0s/internal/pkg/file" - "github.com/k0sproject/k0s/internal/pkg/iptablesutils" + "github.com/k0sproject/k0s/pkg/component/iptables" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" 
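Review bot: `IPTables.Init` calls `ExtractIPTablesBinaries` unconditionally, whereas the call this patch removes from `Kubelet.Init` sat inside an `if` block whose condition lies outside the kubelet.go hunk. The context comment directly below the new code says the function returns an error on any OS other than Linux, and worker.go still has a `default-windows` profile path while adding the component unconditionally. If that removed guard was the platform check, a Windows worker would now fail at Init, so either repeat the condition at the top of `Init` or register the component in worker.go only when it holds. Smaller points on the same lines: the exported type and its methods have no doc comments (e.g. `// IPTables stages the bundled iptables binaries and records the effective backend mode.`), and the receiver is named `i` in `Init` but `s` in `Start` and `Stop`.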
@@ -64,7 +64,7 @@ func TestDetectHostIPTablesMode(t *testing.T) { t.Run("iptables_not_found", func(t *testing.T) { binDir := t.TempDir() - _, err := iptablesutils.DetectHostIPTablesMode(binDir) + _, err := iptables.DetectHostIPTablesMode(binDir) var execErr *exec.Error require.ErrorAs(t, err, &execErr) @@ -79,9 +79,9 @@ func TestDetectHostIPTablesMode(t *testing.T) { strings.Repeat("echo KUBE-IPTABLES-HINT\n", 1), ) - mode, err := iptablesutils.DetectHostIPTablesMode(binDir) + mode, err := iptables.DetectHostIPTablesMode(binDir) require.NoError(t, err) - assert.Equal(t, iptablesutils.ModeNFT, mode) + assert.Equal(t, iptables.ModeNFT, mode) }) t.Run("xtables_legacy", func(t *testing.T) { @@ -91,9 +91,9 @@ func TestDetectHostIPTablesMode(t *testing.T) { strings.Repeat("echo KUBE-IPTABLES-HINT\n", 1), ) - mode, err := iptablesutils.DetectHostIPTablesMode(binDir) + mode, err := iptables.DetectHostIPTablesMode(binDir) require.NoError(t, err) - assert.Equal(t, iptablesutils.ModeLegacy, mode) + assert.Equal(t, iptables.ModeLegacy, mode) }) t.Run("xtables_nft_over_legacy", func(t *testing.T) { @@ -108,9 +108,9 @@ func TestDetectHostIPTablesMode(t *testing.T) { strings.Repeat("echo KUBE-IPTABLES-HINT\n", 3), ) - mode, err := iptablesutils.DetectHostIPTablesMode(binDir) + mode, err := iptables.DetectHostIPTablesMode(binDir) require.NoError(t, err) - assert.Equal(t, iptablesutils.ModeNFT, mode) + assert.Equal(t, iptables.ModeNFT, mode) }) t.Run("xtables_legacy_over_nft_more_entries", func(t *testing.T) { @@ -124,9 +124,9 @@ func TestDetectHostIPTablesMode(t *testing.T) { strings.Repeat("echo FOOBAR\n", 2), ) - mode, err := iptablesutils.DetectHostIPTablesMode(binDir) + mode, err := iptables.DetectHostIPTablesMode(binDir) require.NoError(t, err) - assert.Equal(t, iptablesutils.ModeLegacy, mode) + assert.Equal(t, iptables.ModeLegacy, mode) }) t.Run("fallback_to_iptables_if_xtables_nft_over_legacy_more_entries", func(t *testing.T) { 
@@ -140,7 +140,7 @@ func TestDetectHostIPTablesMode(t *testing.T) { strings.Repeat("echo FOOBAR\n", 1), ) - _, err := iptablesutils.DetectHostIPTablesMode(binDir) + _, err := iptables.DetectHostIPTablesMode(binDir) var execErr *exec.Error require.ErrorAs(t, err, &execErr) assert.Equal(t, "iptables", execErr.Name) @@ -152,9 +152,9 @@ func TestDetectHostIPTablesMode(t *testing.T) { writeXtables(t, binDir, "nft", "exit 1", "exit 1") writeXtables(t, binDir, "legacy", "exit 1", "echo KUBE-IPTABLES-HINT") - mode, err := iptablesutils.DetectHostIPTablesMode(binDir) + mode, err := iptables.DetectHostIPTablesMode(binDir) require.NoError(t, err) - assert.Equal(t, iptablesutils.ModeLegacy, mode) + assert.Equal(t, iptables.ModeLegacy, mode) }) t.Run("xtables_legacy_fails", func(t *testing.T) { @@ -162,9 +162,9 @@ func TestDetectHostIPTablesMode(t *testing.T) { writeXtables(t, binDir, "nft", "exit 1", "echo KUBE-IPTABLES-HINT") writeXtables(t, binDir, "legacy", "exit 1", "exit 1") - mode, err := iptablesutils.DetectHostIPTablesMode(binDir) + mode, err := iptables.DetectHostIPTablesMode(binDir) require.NoError(t, err) - assert.Equal(t, iptablesutils.ModeNFT, mode) + assert.Equal(t, iptables.ModeNFT, mode) }) t.Run("xtables_fails", func(t *testing.T) { @@ -172,7 +172,7 @@ func TestDetectHostIPTablesMode(t *testing.T) { writeXtables(t, binDir, "nft", "exit 99", "exit 88") writeXtables(t, binDir, "legacy", "exit 77", "exit 66") - _, err := iptablesutils.DetectHostIPTablesMode(binDir) + _, err := iptables.DetectHostIPTablesMode(binDir) var composite interface{ Unwrap() []error } require.ErrorAs(t, err, &composite, "No wrapped errors") errs := composite.Unwrap() 
@@ -190,23 +190,23 @@ func TestDetectHostIPTablesMode(t *testing.T) { writeXtables(t, binDir, "legacy", "", "") t.Run("iptables_legacy", func(t *testing.T) { - mode, err := iptablesutils.DetectHostIPTablesMode(binDir) + mode, err := iptables.DetectHostIPTablesMode(binDir) require.NoError(t, err) - assert.Equal(t, iptablesutils.ModeLegacy, mode) + assert.Equal(t, iptables.ModeLegacy, mode) }) writeScript(t, pathDir, "iptables", "echo foo-nf_tables-bar") t.Run("iptables_nft", func(t *testing.T) { - mode, err := iptablesutils.DetectHostIPTablesMode(binDir) + mode, err := iptables.DetectHostIPTablesMode(binDir) require.NoError(t, err) - assert.Equal(t, iptablesutils.ModeNFT, mode) + assert.Equal(t, iptables.ModeNFT, mode) }) writeScript(t, pathDir, "iptables", "exit 1") t.Run("iptables_broken", func(t *testing.T) { - _, err := iptablesutils.DetectHostIPTablesMode(binDir) + _, err := iptables.DetectHostIPTablesMode(binDir) var exitErr *exec.ExitError require.ErrorAs(t, err, &exitErr) assert.Equal(t, 1, exitErr.ExitCode()) diff --git a/pkg/component/worker/kubelet.go b/pkg/component/worker/kubelet.go index 9c2debacf9e2..772872220699 100644 --- a/pkg/component/worker/kubelet.go +++ b/pkg/component/worker/kubelet.go @@ -30,7 +30,6 @@ import ( "github.com/k0sproject/k0s/internal/pkg/dir" "github.com/k0sproject/k0s/internal/pkg/file" "github.com/k0sproject/k0s/internal/pkg/flags" - "github.com/k0sproject/k0s/internal/pkg/iptablesutils" "github.com/k0sproject/k0s/internal/pkg/stringmap" "github.com/k0sproject/k0s/pkg/assets" "github.com/k0sproject/k0s/pkg/component/manager" @@ -81,11 +80,6 @@ func (k *Kubelet) Init(_ context.Context) error { if err := assets.Stage(k.K0sVars.BinDir, "kubelet", constant.BinDirMode); err != nil { return err } - err, iptablesMode := iptablesutils.ExtractIPTablesBinaries(k.K0sVars.BinDir, k.IPTablesMode) - if err != nil { - return err - } - k.IPTablesMode = iptablesMode } k.dataDir = filepath.Join(k.K0sVars.DataDir, "kubelet") 
diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go
index 2306a799a31f..109b5476e011 100644
--- a/pkg/constant/constant.go
+++ b/pkg/constant/constant.go
@@ -110,6 +110,7 @@ const (
 CoreDNSComponentname = "coredns"
 CsrApproverComponentName = "csr-approver"
 HelmComponentName = "helm"
+ IptablesBinariesComponentName = "iptables-binaries"
 KonnectivityServerComponentName = "konnectivity-server"
 KubeControllerManagerComponentName = "kube-controller-manager"
 KubeProxyComponentName = "kube-proxy"